amadey | cde19cc1a4872f7cf08785ffa73457993ccb860f55a3f8f183814e78aa930206 | Triage

Sharing

General

Target

cde19cc1a4872f7cf08785ffa73457993ccb860f55a3f8f183814e78aa930206
Size

952KB
Sample

230416-16h56scb93
MD5

02a2d9c11ec58c11f67219cdd6f2cdcf
SHA1

f798ba2e4bc7508d174fa538acf324a05304f3a6
SHA256

cde19cc1a4872f7cf08785ffa73457993ccb860f55a3f8f183814e78aa930206
SHA512

e39b797416c019821a076cbbe9522c7daad1a66369e6eedd8977f0b8d6c2997d62d5d87d2bc6b540e80d17c69d5b1378cd257b34f8277898cb2d9abbff5a70db
SSDEEP

24576:zyW8BUo5d0VxcTmSomfrZ2x4gK80BiVb/:GDf5uVxcThocsxLK8ciV

Score

10^/10

amadey discovery evasion persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  cde19cc1a4872f7cf08785ffa73457993ccb860f55a3f8f183814e78aa930206
- Size
  
  952KB
- MD5
  
  02a2d9c11ec58c11f67219cdd6f2cdcf
- SHA1
  
  f798ba2e4bc7508d174fa538acf324a05304f3a6
- SHA256
  
  cde19cc1a4872f7cf08785ffa73457993ccb860f55a3f8f183814e78aa930206
- SHA512
  
  e39b797416c019821a076cbbe9522c7daad1a66369e6eedd8977f0b8d6c2997d62d5d87d2bc6b540e80d17c69d5b1378cd257b34f8277898cb2d9abbff5a70db
- SSDEEP
  
  24576:zyW8BUo5d0VxcTmSomfrZ2x4gK80BiVb/:GDf5uVxcThocsxLK8ciV
Score

10^/10

amadey discovery evasion persistence spyware stealer trojan
- Amadey
  Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
  trojan amadey
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

amadeydiscoveryevasionpersistencespywarestealertrojan